Microsoft Server Software Under Widespread Cyberattack with Unknown Hackers Targeting Governments and Companies Worldwide.
PorAinvest
lunes, 21 de julio de 2025, 1:51 am ET1 min de lectura
MSFT--
The attacks, known as zero-day exploits, target previously unknown vulnerabilities in SharePoint servers. This has led to the compromise of thousands of servers worldwide, with the U.S., Netherlands, UK, and Canada being the most affected regions [2]. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the vulnerability allows hackers to access file systems and internal configurations, as well as execute malicious code [3].
Microsoft has recommended immediate security updates for customers and is working on patches for the affected versions of SharePoint. The company has also advised customers to enable AMSI integration and deploy Defender AV on all SharePoint servers to mitigate the risk [2].
The attacks have been attributed to unidentified actors who have exploited a flaw in the SharePoint server software to launch remote code execution (RCE) attacks. These attacks can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organization, or website [1].
The hack is a significant concern for businesses and government agencies, as it can lead to data breaches, financial losses, and reputational damage. Microsoft's response to the attack has been criticized for being slow and insufficient, with the company only issuing a security update after the attacks had already occurred [3].
The ongoing investigation into the attacks is expected to provide more information about the extent of the damage and the identity of the perpetrators. In the meantime, companies are advised to take immediate action to protect their SharePoint servers and mitigate the risk of further attacks.
References:
[1] Reuters. (2025, July 20). Microsoft alerts businesses, governments to server software attack. Retrieved from https://www.reuters.com/sustainability/boards-policy-regulation/microsoft-alerts-businesses-governments-server-software-attack-2025-07-21/
[2] BleepingComputer. (2025, July 18). Microsoft SharePoint zero-day exploited in RCE attacks - no patch available. Retrieved from https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
[3] The Washington Post. (2025, July 20). Hackers exploit major security flaw in Microsoft server software. Retrieved from https://www.washingtonpost.com/technology/2025/07/20/microsoft-sharepoint-hack/
Microsoft's SharePoint servers are under attack by unknown hackers, with thousands of companies worldwide potentially affected. The US Cybersecurity and Infrastructure Security Agency has confirmed the vulnerability allows hackers to access file systems and internal configurations and execute malicious code. Microsoft has released a security update and is working on further patches. Companies in the US, Netherlands, UK, and Canada are most at risk.
Microsoft has issued an alert about active attacks on server software used by government agencies and businesses to share documents within organizations. The vulnerabilities apply only to SharePoint servers used within organizations, and not to SharePoint Online in Microsoft 365, which is in the cloud [1].The attacks, known as zero-day exploits, target previously unknown vulnerabilities in SharePoint servers. This has led to the compromise of thousands of servers worldwide, with the U.S., Netherlands, UK, and Canada being the most affected regions [2]. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the vulnerability allows hackers to access file systems and internal configurations, as well as execute malicious code [3].
Microsoft has recommended immediate security updates for customers and is working on patches for the affected versions of SharePoint. The company has also advised customers to enable AMSI integration and deploy Defender AV on all SharePoint servers to mitigate the risk [2].
The attacks have been attributed to unidentified actors who have exploited a flaw in the SharePoint server software to launch remote code execution (RCE) attacks. These attacks can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organization, or website [1].
The hack is a significant concern for businesses and government agencies, as it can lead to data breaches, financial losses, and reputational damage. Microsoft's response to the attack has been criticized for being slow and insufficient, with the company only issuing a security update after the attacks had already occurred [3].
The ongoing investigation into the attacks is expected to provide more information about the extent of the damage and the identity of the perpetrators. In the meantime, companies are advised to take immediate action to protect their SharePoint servers and mitigate the risk of further attacks.
References:
[1] Reuters. (2025, July 20). Microsoft alerts businesses, governments to server software attack. Retrieved from https://www.reuters.com/sustainability/boards-policy-regulation/microsoft-alerts-businesses-governments-server-software-attack-2025-07-21/
[2] BleepingComputer. (2025, July 18). Microsoft SharePoint zero-day exploited in RCE attacks - no patch available. Retrieved from https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
[3] The Washington Post. (2025, July 20). Hackers exploit major security flaw in Microsoft server software. Retrieved from https://www.washingtonpost.com/technology/2025/07/20/microsoft-sharepoint-hack/
Divulgación editorial y transparencia de la IA: Ainvest News utiliza tecnología avanzada de Modelos de Lenguaje Largo (LLM) para sintetizar y analizar datos de mercado en tiempo real. Para garantizar los más altos estándares de integridad, cada artículo se somete a un riguroso proceso de verificación con participación humana.
Mientras la IA asiste en el procesamiento de datos y la redacción inicial, un miembro editorial profesional de Ainvest revisa, verifica y aprueba de forma independiente todo el contenido para garantizar su precisión y cumplimiento con los estándares editoriales de Ainvest Fintech Inc. Esta supervisión humana está diseñada para mitigar las alucinaciones de la IA y garantizar el contexto financiero.
Advertencia sobre inversiones: Este contenido se proporciona únicamente con fines informativos y no constituye asesoramiento profesional de inversión, legal o financiero. Los mercados conllevan riesgos inherentes. Se recomienda a los usuarios que realicen una investigación independiente o consulten a un asesor financiero certificado antes de tomar cualquier decisión. Ainvest Fintech Inc. se exime de toda responsabilidad por las acciones tomadas con base en esta información. ¿Encontró un error? Reportar un problema
Comentarios
Aún no hay comentarios